# mail(a)bernhard-voelker.de / 2014-05-14 22:51:56 +0200:
> On 05/14/2014 10:33 PM, Marcus Meissner wrote:
>> We tried very hard not to run stuff as root over
>> it too easy now to revert this, is probably bad.
>
> That's exactly why I don't like a hack but an all-accepted
> solution. E.g. a whitelist of complete command line strings
> which are permitted to run as root in an OBS chroot. And a
> macro %sudo which checks the given command against the whitelist
> before changing to root. By that, the security and quality team
> would have fine-grained control over what is permitted.
> E.g. for coreutils-testsuite, only the command string
>   'env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root'
> would need to be added. The spec file could define it like
>   %sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
> and that macro could verify that exactly that string is permitted.

limiting the privileged commandline to an invocation of a third-party
program does little to improve security. perhaps if the root mode could
be limited to vm builds (no chroots)?
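
The exact-string check proposed in the quoted message, sketched as an added example that is not part of the thread and not OBS code. The `%sudo` macro does not exist; `sudo_allowed`, `make_demo_allowlist` and the one-entry-per-line allowlist file are hypothetical names and layout chosen here.

```shell
#!/bin/sh
# Added example: hypothetical check behind the proposed %sudo macro.
# sudo_allowed and the allowlist file layout are assumptions, not OBS code.

# Succeed only if the unexpanded command string equals one allowlist line.
#   -F  literal match: entries contain $ and ", and a request such as '.*'
#       must not be read as a pattern
#   -x  whole-line match: a permitted string with text appended is rejected
sudo_allowed() {
    cmd=$1
    list=$2
    nl='
'
    [ -n "$cmd" ] || return 1
    [ -r "$list" ] || return 1
    # grep -e splits a pattern at newlines into alternatives; refuse them.
    case $cmd in *"$nl"*) return 1 ;; esac
    grep -Fxq -e "$cmd" -- "$list"
}

# Constructed allowlist holding the single entry named in the thread.
# The quoted heredoc keeps $PATH and $USER unexpanded, as in the spec file.
make_demo_allowlist() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
EOF
    printf '%s\n' "$f"
}

permitted='env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root'
demo_list=$(make_demo_allowlist)
for c in "$permitted" "$permitted install" 'make -k check-root' '.*'; do
    if sudo_allowed "$c" "$demo_list"; then
        echo "permit: $c"
    else
        echo "deny:   $c"
    fi
done
rm -f "$demo_list"
```

The check pins the command string only; what `make -k check-root` then executes as root is decided by the package's own build files, which is the limitation the reply above points at.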